HIPAA Training

What is HIPAA?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996. It requires that “protected health information” (PHI) be protected and handled confidentially. This covers how PHI is stored, who can access it, how it is transmitted, and how it is used.

Privacy And Security Rules

Privacy Rule

To protect the privacy of PHI that can identify a specific individual or person.

Security Rule

To set national standards for protecting electronic PHI.

Protected Health Information

PHI refers to individually identifiable health information which can be linked to a particular individual or person. It includes:

The individual’s past, present, or future physical or mental health

The provision of health care to the individual

The past, present, or future payment for the provision of health care to the individual

Common Identifiers And Examples Of Health Information

Common Identifiers

This includes:

Names

Social Security Numbers

Birth Dates

Addresses

Examples

This includes:

Care Plans

Wound Care Logs

Admissions & Referral Forms

Incident Reports

Who Is Covered?

Healthcare Providers

Any person or organization that furnishes, bills, or is paid for health care in the normal course of business, such as Nursing Homes, Hospitals, and ICF/MRs.

Healthcare Plans

Any individual or group plan (or combination) that provides, or pays the cost of, medical care, such as health insurance issuers (Blue Cross Blue Shield), HMOs, Group Health Plans, Medicare, and Medicaid.

Healthcare Clearinghouse

Any company that translates data content or format for another entity from non-standard to standard or vice versa.

Business Associates

A person or entity that performs a function for a covered entity which involves the use or disclosure of PHI. Some examples include:

Consultant

Attorney

Collection Agency

Medical Transcriptionist

Permitted Uses And Disclosures

The Privacy Rule allows you to use or disclose PHI as follows:

To the individual

For treatment, such as disclosing PHI to other healthcare professionals caring for the individual

For payment, such as claims billing, review services for coverage, or medical necessity

For healthcare operations which are the day-to-day operations necessary for quality care. Examples include verifying documentation and determining the quality of care provided by clinicians

Authorization Not Required

The following allows you to use or disclose PHI without the individual’s authorization:

As required by law

For public health activities

For victims of abuse, neglect, or domestic violence

For health oversight activities

For judicial and administrative proceedings

For law enforcement purposes

To avert a serious threat to health or safety

For specialized government functions

Uses And Disclosures Requiring Authorization

A signature from the individual or their personal representative is required to use PHI:

For use and disclosure of psychotherapy notes

For use and disclosure to third parties for marketing activities

Limiting Uses And Disclosures

When using or disclosing PHI, you should use only the minimum amount required to achieve the purpose of the particular use or disclosure. Please note that this requirement does not apply to disclosures for treatment.

State Law

If the state law is more protective of the individual, then it takes precedence over HIPAA.

Privacy Rights

An individual has the right to:

Receive a written notice describing your facility’s privacy practices on the first date of service

See or receive a copy of their medical record or other health information

Request that any incorrect information in their file be changed

Have PHI communicated to them by alternative means and at an alternative location to protect confidentiality

Request restrictions to the use and disclosure of their PHI

Request a history of disclosures of PHI for six years prior to the request

File a complaint regarding any privacy concern or breach of privacy with your facility or the Department of Health and Human Services (HHS)

Keep Passwords Safe

Your password is private and personal. It is the connection to everything you access and save on your computer. Here are some suggestions for protecting the privacy of your password:

Never write your password on a Post-it note and place it on your computer.

Passwords are for your individual use.

Never email your password.

Never ask someone for their password or give them yours.

Summary

Here are a few important points to remember regarding HIPAA:

HIPAA law is evolving

Influenced by emerging patient needs

Affected by changing technology for collecting, storing, distributing and using PHI

Impacts our jobs

Impacts us as individuals who deserve to keep our own health information private, protected and secure

FAQs

Q: Are we required to supply patients access to their medical records within a fixed time period?

A: Yes. By law, patients requesting access must receive copies of their medical records within 30 days of a written request.

Q: Does the HIPAA Privacy Rule apply to our company’s professional associates?

A: Yes. Compliance requirements include business associates, such as vendors, lawyers, accountants and subcontractors.